2.3.4 Practice questions
Which of the examples is privilege escalation? Separation of duties; Mandatory vacations; Creeping privileges
Creeping privileges occur when a user's job changes and they are granted a new set of access privileges while keeping their past privileges.
You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following methods of access control will the access list use? Implicit allow, explicit deny; Explicit allow, implicit deny; Explicit allow, explicit deny
Explicit allow, implicit deny. The access list will use explicit allow: users who are allowed access are specifically identified.
An access control list contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone who is not on the list? Explicit allow; Implicit allow; Implicit deny
Implicit deny: users or groups that are not specifically given access to resources are denied access. It means that there is an assumed or unstated deny that prevents access to anyone not explicitly on the list.
You are concerned that the accountant in your organization might have the chance to modify financial information and steal from the company. You want to have another person take over all accounting responsibilities to catch any irregularities. Least privilege; Job rotation; Need to know; Separation of duties
Job rotation is the technique where users are cross-trained in multiple job positions and responsibilities are regularly rotated between personnel.
Which of the following principles is implemented in a mandatory access control model to determine object access by classification? Clearance; Ownership; Need to know
Need to know is used with mandatory control environments to implement granular control over access to segmented and classified data.
What is the primary purpose of separation of duties? Prevent conflicts of interest; Increase the difficulty of performing administration; Grant greater range of control to senior management
Prevent conflicts of interest
Separation of duties is an example of which type of access control? Compensative; Corrective; Preventive; Detective
Preventive access controls deter intrusion or attacks.
You assign access permissions so that users can only access the resources required to accomplish their specific work tasks. Which security principle are you complying with? Cross-training; Job rotation; Need to know
The principle of least privilege is the assignment of access permissions so that users only access the resources required to accomplish their tasks.
Which type of media preparation is sufficient for media that will be reused in a different security context within your organization? Formatting; Deletion; Sanitization
Sanitize media that will be reused in a different security context. Sanitization is the process of cleaning a device by having all data remnants removed.
You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which security principle should you implement to accomplish this goal? Job rotation; Separation of duties; Implicit deny; Mandatory vacations
Separation of duties is the policy of requiring that more than one person participate in completing a task.
What security principle prevents one administrator from having sufficient access to compromise the security of the IT solution? Dual admin accounts; Separation of duties; Need to know
Separation of duties is the security principle that states that no single user is granted sufficient privileges to compromise the security of an entire environment.
Need to know access is required to access which type of resources? Compartmentalized resources; Low security resources; High security resources
Need to know access is required to retrieve compartmentalized resources.